Tag Archives:anti-virus evasion

Preamble

Anti-virus is often the last line of defense to users, the ability to bypass that system is a critical one for Penetration Testers but I’m still not comfortable in giving out a complete walk through as that kind of knowledge offers great advantage to attackers but little benefit to defenders. For me, that’s the ultimate test for ethics: are we assisting defense more than attack, if we are not then the tactic or system is dangerous. Tools like Veil-Evasion often makes evasion trivial the tool is well documented. I will present in this article my findings and research in anti-virus evasion, but will not offer a complete walk through of how to get a zero score on sites like virustotal.com. Consider this an adventure, not a guide.

Most Penetration Testers will know and love Metasploit’s PsExec module for running commands on remote Windows machines, if you’re not familiar with it – it allows you to take a compromised Local Administrator account and use it to execute commands on the remote machine (or to upload Meterpreter of course! These methods all require the ability to write to Admin$ on the remote machine, which basically means a Local Administrator account.